Capability without self-knowledge is not autonomy. It is unpredictability with a confidence score.
The Question Nobody Is Asking
The AI industry has spent three years optimizing for the wrong metric.
Model benchmarks measure what agents can do. Retrieval systems measure how quickly agents find relevant content. Latency dashboards measure how fast agents respond. Evaluation frameworks measure how often agents get the right answer on curated test sets.
None of these measure the one thing that determines whether an autonomous agent is safe to deploy in a consequential context: whether the agent knows what it doesn't know.
This is not a soft requirement. It is the structural prerequisite for any meaningful form of agentic autonomy. An agent that retrieves perfectly, reasons fluently, and responds quickly — but has no model of its own epistemic boundaries — is not a reliable system. It is a high-performance failure mode waiting for the right input.
MindBot's three-extension architecture — PG_FACETS, PG_DGRAPH, and PG_MEMPROJ — is built on a single postulate: agentic autonomy must scale proportionally to epistemic self-awareness, not to generative capability. The extensions are not utilities bolted together for performance. They are three layers of a coherent answer to the question of what it means for an agent to know itself well enough to be trusted.
The Four States of Knowledge — and Why Three of Them Are Dangerous
Donald Rumsfeld's epistemic taxonomy was dismissed as political sophistry when he articulated it in 2002. Applied to AI agent architecture, it is one of the most precise frameworks available.
There are four epistemic states an agent can be in relative to any piece of knowledge:
A Known Known is information the agent has, knows it has, and can retrieve. This is the domain of search, retrieval, and indexing. PG_FACETS lives here — it ensures that what the agent knows is findable in milliseconds at scale.
A Known Unknown is a gap the agent is aware of. "I know I don't know the current interpretation of Article 49 under Belgian regulatory precedent." This is manageable. Known unknowns can be flagged, escalated, or routed. PG_DGRAPH lives here — its gap nodes turn absent knowledge into explicit, queryable, actionable signals.
An Unknown Known is knowledge the agent possesses but doesn't know it possesses — latent capability that hasn't been surfaced or structured. This is the domain of ontology inference. When PG_DGRAPH compares an agent's knowledge graph against a domain ontology and finds that an edge should exist based on structural patterns, it surfaces knowledge the agent had implicitly but hadn't organized explicitly.
An Unknown Unknown is the most dangerous state: the agent doesn't know what it doesn't know, and therefore doesn't know to ask, to escalate, or to hesitate. This is the source of confident, fluent, wrong reasoning. It is where hallucinations live. It is where professional liability begins.
The MindBot architecture addresses the first three states with increasing sophistication. It is honest about the fourth: Unknown Unknowns are the irreducible residual. The architecture does not claim to eliminate them. It claims to push their boundary outward — converting some Unknown Unknowns into Known Unknowns through ontology-driven inference — while making the remaining residual explicit as a boundary, not invisible as an assumption.
This honesty is not a weakness. It is the defining property of trustworthy architecture.
PG_FACETS: Mapping the Territory of Known Knowns
Every epistemic architecture starts with the same foundation: what does the agent actually have access to?
PG_FACETS answers this question at production scale. Hybrid BM25 plus embedding retrieval, Roaring Bitmap multi-dimensional filtering, all colocated inside PostgreSQL — the same instance that holds the rest of the agent's world. No separate search infrastructure. No synchronization boundary. No consistency gap between what the agent "knows" and what is actually in the system of record.
But PG_FACETS is not merely a fast search engine. It is the canonical store for declarative knowledge — the place where facts, documents, regulations, and records exist as authoritative objects with lifecycle management. When a regulation changes, the change happens here. When a document is deprecated, it is deprecated here. PG_FACETS is the ground truth that everything else derives from.
The architectural implication is significant: if PG_FACETS is wrong or incomplete, everything downstream is wrong or incomplete — including the agent's self-model. This is the first principle of epistemic architecture. There is no foundation below the canonical store. The quality of the territory map bounds the quality of everything built on top of it.
What PG_FACETS does not do — and is not designed to do — is tell the agent whether it is equipped to reason about what it finds. A compliance agent that retrieves a perfect set of GDPR documents still does not know, from the retrieval alone, whether it understands the dependency structure that makes those documents meaningful in context. That is a different problem, requiring a different structure.
PG_DGRAPH: The Mirror
If PG_FACETS is the agent's territory, PG_DGRAPH is the agent's map of its own ability to navigate that territory.
The architectural innovation is the use of directed graphs for knowledge modeling. The direction matters. A → B is not the same as B → A. "Regulation X requires understanding Concept Y" is an asymmetric relationship — flipping it produces a false claim. Professional knowledge is built entirely of such asymmetries: prerequisites, dependencies, logical sequences, conditional requirements. A flat table cannot represent them. A non-directed graph loses the information. Only a directed graph preserves the full epistemic structure.
PG_DGRAPH stores knowledge nodes — concepts, competencies, regulations, workflows, roles — connected by directed edges with properties. The graph is not a static artifact. It is a living structure, updated transactionally in the same PostgreSQL instance as PG_FACETS, writable by the agents themselves as they operate.
The self-model emerges from the interaction of the agent's knowledge graph with a domain ontology: a reference graph representing the full knowledge structure of a professional field as it should be understood by a competent practitioner. The gap between the agent's graph and the domain ontology is the agent's explicit incompleteness. Every missing node is a known unknown. Every missing edge between nodes the agent has is a structural gap in its understanding of the domain.
This is what it means for an agent to know itself. Not introspection as a metaphor. Traversal as a mechanism. The agent can query its own knowledge graph and receive a structured answer: here is what I cover, here is what I don't, here is why this task requires capabilities I don't have, and here is the precise escalation trigger.
The Coverage Score — Making Substitutability Measurable
One of the most consequential debates in enterprise AI deployment is framed entirely wrong: "Can this agent replace this role?" It is framed as a binary, philosophical question. PG_DGRAPH makes it a graph query.
Every professional role can be decomposed into a graph: competency nodes, task nodes, decision nodes, regulatory nodes, and the directed edges that define their dependencies. The coverage score — the percentage of a role's required knowledge nodes that the agent's graph covers — transforms a philosophical debate into a spectrum.
An agent with 95% coverage of a compliance officer's domain graph can operate with high autonomy, because its failure modes are bounded and mapped. An agent with 60% coverage can operate as an augmentation tool, with explicit human oversight for the uncovered 40%. The gap nodes define the exact boundary of the human-in-the-loop policy — not a general disclaimer, but a precise rule: when task execution requires traversal through node X, escalate.
This reframes the augmentation-versus-replacement debate entirely. The question is no longer whether AI replaces human professionals. The question is what percentage of a professional's knowledge graph is covered, which gaps remain, and what the appropriate human oversight structure is for those specific gaps.
PG_MEMPROJ: The Working Memory
Having accurate knowledge (PG_FACETS) and a precise self-model (PG_DGRAPH) does not solve the final problem. The agent must communicate what it knows to the model — and the model's context window is bounded, costly, and noise-sensitive.
This is not a minor implementation detail. It is a structural challenge that determines whether the epistemic architecture actually improves reasoning or just documents it. A perfectly mapped knowledge graph that gets dumped raw into a 4,000-token context window produces worse outcomes than no graph at all — the model drowns in structure rather than reasoning on content.
PG_MEMPROJ is the answer. It is a projection layer — not a database, not a store, not a source of truth — that materializes read-optimized, query-shaped views from canonical sources, ranks them by relevance, and delivers them in a compact, typed, provenanced format that the model can consume directly.
The Proposition DSL — A Communication Medium for Reasoning
The Proposition DSL is the core technical innovation of PG_MEMPROJ. It replaces raw JSON blobs and graph dumps with a line-oriented format where each line is a self-contained reasoning unit:
textFACT: agent:42 has active_sessions=3
GOAL: project:compliance-audit reach status=COMPLETE by 2026-04-01
STEP: validate all GDPR article-49 clauses before submitting
CONSTRAINT: token_budget_remaining < 2000 → switch to compact mode
Each line carries a type, a content statement, a ranking weight, and a source_ref — a canonical UUID pointing back to the PG_FACETS document or PG_DGRAPH edge that generated it. The provenance is not optional. Without it, a DSL line is a claim without origin — unauditable, unverifiable, unretractable when wrong.
The delivery mechanism — memproj_pack_context(user_id, query, limit) — returns the top N ranked propositions for the current query context. Not everything that exists. Not a random sample. The most relevant subset, pre-ranked, pre-formatted, ready to inject. Typically 80 to 200 bytes. The compression ratio between available context and delivered context can be three orders of magnitude. The model receives exactly what it needs.
The Non-Negotiable Boundary
PG_MEMPROJ's design enforces a strict write constraint, captured in four normative rules. The most critical is Rule 3: PG_MEMPROJ never becomes a second writer for the same logical edge. It mirrors canonical data for LLM consumption. It does not own it.
This boundary is what prevents projection systems from becoming shadow data stores — a pattern that has broken many enterprise data architectures. The agent reads from projections for efficiency. It trusts PG_FACETS and PG_DGRAPH for truth. The two surfaces never converge into ambiguity.
Epistemic Sovereignty — A New Concept for Agent Architecture
The combination of the three extensions produces a property that does not exist in current agent architectures: what might be called epistemic sovereignty.
An epistemically sovereign agent is one that:
- Has a canonical, authoritative representation of what it knows (PG_FACETS)
- Has a traversable, queryable model of the structure and gaps in that knowledge (PG_DGRAPH)
- Has a ranked, compact, provenanced delivery mechanism for that knowledge (PG_MEMPROJ)
- Can therefore act with bounded confidence — knowing the exact shape of its uncertainty before it acts
Epistemic sovereignty is not the same as omniscience. It is the capacity to know what you don't know well enough to act reliably within the boundaries of what you do know, and to escalate precisely at the edges.
This property has profound implications for how AI deployment should be evaluated, certified, and governed in professional contexts.
Dynamic Autonomy — Autonomy as a Derived Property
Current multi-agent systems assign autonomy at configuration time. An agent is either trusted to take action or it isn't. This binary fails in practice because epistemic coverage varies continuously — by domain, by task, by time, by organizational context.
PG_DGRAPH enables a different model: dynamic autonomy, where an agent's action permissions, tool scope, and escalation thresholds are derived in real time from its current coverage score against the relevant domain ontology.
An agent handling a GDPR data transfer request at 9AM on a Monday might have full coverage of the relevant regulatory graph. The same agent asked about a cross-border data transfer involving a novel bilateral agreement — not yet integrated into the ontology — would have a measurable coverage drop. In a dynamic autonomy model, the orchestrator detects this drop and adjusts the agent's behavior automatically: reduced action scope, mandatory human checkpoint, explicit gap disclosure to the user.
Autonomy becomes a function of the graph, not a static configuration. It earns itself continuously, and loses itself precisely when it should.
The Collective Epistemic Map in Multi-Agent Orchestration
Single-agent architecture is a solved problem in the abstract. Multi-agent orchestration is where epistemic architecture becomes genuinely complex — and genuinely interesting.
In a system of N agents, each with its own knowledge graph in PG_DGRAPH, the union of those graphs is the system's collective knowledge territory. PG_DGRAPH as shared infrastructure makes this collective map queryable. The orchestrator can ask questions no individual agent can answer:
- "Which agent in this system has the highest coverage score for this specific regulatory question?" — routing by competency, not by label
- "Are there tasks in our operational domain that no agent in the system covers?" — detection of systemic gaps
- "If agent A fails, which agent can partially cover its responsibilities, and which gaps would emerge in that coverage?" — epistemic resilience planning
Systemic gaps — tasks that fall in the blind spots of every agent in the system — are not discoverable by any individual agent. They are only visible at the collective level. These gaps become signals: for training new agents, for routing to human experts, for revising the ontology, or for acknowledging that the task domain lies outside the system's current capability.
This is multi-agent orchestration operating at the level of epistemic architecture, not just task routing. The orchestrator does not merely schedule work — it maintains a living map of what the system knows, what it doesn't know, and how its knowledge coverage changes over time.
The Blind Spots the Architecture Cannot Eliminate
Honest architecture names its own limits. PG_FACETS, PG_DGRAPH, and PG_MEMPROJ do not claim to solve the problem of Unknown Unknowns. They push the boundary outward. Five structural blind spots remain.
The meta-recursion problem. The system that tells an agent what it doesn't know — who validates that system? Domain ontologies are produced by humans or automated processes, both of which are fallible. There is no absolute epistemic foundation. The architecture terminates on an external postulate: the ontology is accepted as the reference. This is an architectural choice, not a resolution.
Temporal epistemic drift. Knowledge has a half-life. PG_DGRAPH edges that were valid in Q1 may be stale in Q2. The architecture handles invalidation when sources are explicitly updated — but the silence of non-update is indistinguishable from stability. A regulation that changes without triggering a knowledge update produces a self-model that is confident and wrong.
Projection laundering. The Proposition DSL carries implicit authority. A FACT: line presented to the model reads as an assertion. If the projection source contains an error — whether from a faulty projector, an incorrect ontology edge, or a compromised source document — the DSL surface amplifies that error with the weight of structured authority. Provenance via source_ref enables post-hoc audit. It does not prevent pre-injection error.
Emergent systemic blind spots. Individual agents may have accurate self-models. Their interactions in orchestration create task boundaries that no individual graph models. A question that spans the fiscal-contractual domain boundary sits in the blind spot of an architecture where Agent A covers tax law and Agent B covers contract law, but neither models the intersection. Systemic gaps are not the sum of individual gaps.
The paradox of unstructured competence. An agent may produce the correct result on a task for which PG_DGRAPH signals a gap — through generalization, analogical reasoning, or emergent LLM capability that is not captured in the knowledge graph. A false positive on gap detection triggers unnecessary escalation, erodes trust in the coverage system, and creates operational friction. Structural coverage does not capture non-structural competence. The architecture is conservative by design. This is the right trade-off in regulated contexts. It is a cost worth acknowledging.
What This Changes About Agent Deployment
The MindBot epistemic stack is not a set of performance optimizations. It is a reframing of what responsible agent deployment requires.
From capability certification to epistemic certification. An agent should not go to production because it scored well on a benchmark. It should go to production because its coverage against the target domain's ontology meets the deployment threshold — and because its gap nodes are mapped, its escalation rules are derived, and its behavior at the edges of its knowledge is defined and auditable.
From confidence thresholds to gap node triggers. Human-in-the-loop policies should not be driven by a confidence score below 0.7. They should be driven by structural traversal: when this task requires crossing a node the agent's graph does not contain, escalate — and provide the human operator with the exact graph location that triggered the escalation and why.
From black-box reasoning to traceable context. When a deployed agent makes a decision that is challenged — by a regulator, a client, or an internal audit — the response should not be a log reconstruction exercise. It should be a deterministic replay: here are the exact ranked propositions that were injected, their types, their weights, and their source UUIDs. The reasoning surface is auditable by design.
From static autonomy to dynamic autonomy. Agent permissions should reflect real-time epistemic coverage, not initial configuration. An agent that has expanded its knowledge graph through operation should gain autonomy incrementally. An agent operating in a domain with reduced coverage should have its scope constrained automatically.
The Architecture as a Statement of Philosophy
Three extensions. One PostgreSQL instance. No external systems.
textWhat exists? → PG_FACETS → Long-term declarative memory
How does it relate? → PG_DGRAPH → Structural knowledge & metacognition
What do I tell the
model, at what cost,
traceable to what? → PG_MEMPROJ → Working memory
The analogy to human cognition is not decorative. Human professionals are trusted in consequential roles not only because they are capable, but because they have internalized the structure of their domain well enough to know when they are out of their depth. They know what they don't know. They escalate at the right edges. They can explain their reasoning when challenged.
These are not soft skills. They are epistemic capacities. They are exactly what distinguishes a trusted professional from a capable but unreliable one.
MindBot's postulate is that these same capacities can be architecturally instantiated in autonomous agents — not as emergent properties of large models, but as structural properties of the system those models operate within. The three extensions do not make agents wise. They make agents epistemically accountable — capable of knowing their territory, mapping their gaps, and delivering their knowledge to the model at the boundary of what they actually know.
An agent built on this architecture does not search blindly. It does not act confidently beyond its competence. It does not bury its uncertainty in fluent language. It knows what it knows. It knows what it doesn't know. And it operates with the precision that distinction makes possible.
The question was never whether agents are capable enough.
The question has always been whether they know themselves well enough to be trusted.
PG_FACETS, PG_DGRAPH, and PG_MEMPROJ are in active development as part of the MindFlight Open Source stack. Early access for teams building multi-agent systems in regulated environments is available on request.